FIG. 1 is a block diagram of an exemplary Lawful Interception (LI) system and network 10 according to prior art. Said system and network comprises a number of entities. The exemplary LI system comprises a Law Enforcement Management Function, LEMF, 12 for requesting LI services of the LI system and collecting the intercepted information of Intercepting Access Point, IAP, nodes in the system. The system shall provide access to the intercepted Content of Communications, CC, and Intercept Related Information, IRI, of a target and services related to the target on behalf of one or more Law Enforcement Agencies, LEAs, 80. An intercept request, also denoted Request for LI activation, is sent through a first Handover Interface, HI1, located between the Law Enforcement Management Function 12 and an Intercept Mediation and Delivery Unit, IMDU, 14 comprising a Mediation Function, MF, 16, involving an Administration Function, ADMF,. Said Mediation Function 16 and Administration Function generate based on said received request a warrant comprising said one or more target identities, and sends said warrant towards an Intercepting Access Point, IAP, 20 via an interface denoted X1_1. The IAP 20 may be connected to a node of a network, e.g. the Internet, a 3 GSM (third Generation Mobile Communications System), etc., from which it intercepts said Content of Communications and Intercept Related Information of a mobile target. Said CC and IRI are network related data. As reference to the standard model, see references [1], [2]and [3], the content of communication is intercepted in the IAP network node and it is based upon duplication of target communication payload without modification. In reference [3], the interfaces HI1 and HI2 is specified in more detail. The IAP sends IRI raw data via an interface X2 to a Delivery Function for IRI reporting, DF2, 22 and a Mediation Function of IRI, MF2, 24 that generates and delivers to a collection functionality a standardized IRI report based on the received IRI report. Said standardized IRI report is sent over a standardized interface HI2 to the LEMF 12. The IAP 20 also sends CC raw data via an interface X3 to a Delivery Function for CC reporting, DF3, 26 and a Mediation Function of IRI, MF3, 28 which generates and delivers to a collection functionality a standardized CC report based on the received CC report. Said standardized CC report is sent over a standardized interface HI3 to the requesting LEMF 12.
Together with the delivery functions it is used to hide from the third generation (3G) IAPs that there might be multiple activations by different Lawful Enforcement Agencies on the same target.
The HI2 and HI3-interfaces represent the interfaces between the LEA and two delivery functions. The delivery functions are used:                to distribute the Intercept Related Information (IRI) to the relevant LEA(s) via HI2;        to distribute the Content of Communication (CC) to the relevant LEA(s) via HI3.        
According to known internet access services, all the IP streams related to a given target is intercepted and delivered as a whole session data flow regardless any service used within an interception session. If a LEA needs to access specific contents embedded in the whole session streams, it becomes necessary to do an appropriate post-processing of the intercepted data to find the data content of interest.
In the LI solution, the warrant data are stored in a source target database 30 of the mediation function 16 and, during the activation period, they are set on the IAPs 20 and stored in a target database 40 in each IAP 20. The data are not stored in a persistent way in the target databases 40 in the IAP's, i.e. they are lost in case of system shut-down.
Differences between the list of warrants in a target database 40 and the source target database 30 may occur as result of a node entity restart or a communication problem with the entities in the node.
An Audit and Synchronization function ensures the integrity of warrant provisioning within the LI Solution. It aims to guarantee to the User that:                All of the appropriate warrants are active in the target databases 40 in different IAPs 20;        There is no un-authorized active warrant;        Active warrants are aligned with source target database parameters.        
This function is crucial since it allows to detect any possible unauthorized access on the target database 40.
A report with all the encountered discrepancies between the target databases 40 in the IAPs 20 and mediation function 16 in the IMDU 14 is produced as result of the audit.
The Synchronization can be optionally requested at the creation of the audit job.
The current LI solutions interwork with very complex telecommunication networks, where:                Number of IAPs is constantly increasing;        There are multiple technical identities for the same intercepted subject;        The number of intercepted subjects/targets is increasing in many countries.        
One of the most demanding operations of the LI solution is the Audit functionality, which is used to periodically compare the source target database 30 of the LI management system IMDU 14 versus the target database 40 of all the IAPs 20 in the entire network.
In such complex scenario, from one side the Audit operation becomes more and more essential, from another side, the Audit becomes so demanding that the time needed for completing the whole operation, of checking item per item in the source target database 30 of the MF 16 versus the list of target databases 40 of any of the IAPs 20, might be very long and not always acceptable by the Lawful Enforcement Agencies.
The time between an authorized access to the IAP target database 40 leading to an illegal setting of interception target and the time of its detection is very crucial. Due to the above mentioned complexity of the audit execution, the discovery of a fraudulent interception order can take hours of delay.